org.jenkins-ci.plugins:mailer
Maven5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jenkins-ci.plugins:mailerpage 1 of 1
- CVE-2017-2651LOWCVSS 3.7EG 3.7✓ Fixed in 1.202018-07-27
vulnerable: 1.1 ... 1.9 (20 versions)
jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sen…
- CVE-2018-8718HIGHCVSS 8.0EG 8.0✓ Fixed in 1.212018-03-27
vulnerable: 1.1 ... 1.9 (21 versions)
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
- CVE-2020-2252MEDIUMCVSS 4.8EG 4.8✓ Fixed in 1.29.12020-09-16
vulnerable: 1.1 ... 1.9 (31 versions)
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
- CVE-2022-20613MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.34.22022-01-12
vulnerable: 1.1 ... 1.9 (39 versions)
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
- CVE-2022-20614MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.34.22022-01-12
vulnerable: 1.1 ... 1.9 (39 versions)
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
Check whether org.jenkins-ci.plugins:mailer is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins:mailer CVEs against the assets you own.
Start Free Scan →